You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Stefan Cordes (Jira)" <ji...@apache.org> on 2023/02/02 10:10:00 UTC
[jira] [Commented] (MENFORCER-407) Enforcer 3.0.0 breaks with Maven 3.8.4
[ https://issues.apache.org/jira/browse/MENFORCER-407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17683317#comment-17683317 ]
Stefan Cordes commented on MENFORCER-407:
-----------------------------------------
Looks like "provided-check" is back since [3.2.1|https://github.com/apache/maven-enforcer/releases/tag/enforcer-3.2.1] as after switching from 3.1.0 some provided dependencies are newly "violated":
Here 3.2.1:
{code:java}
04:21:03 [ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.2.1:enforce (ci-snapshot-execution) on project mvnbase-maven-plugin:
04:21:03 [ERROR] Rule 0: org.apache.maven.enforcer.rules.dependency.RequireUpperBoundDeps failed with message:
04:21:03 [ERROR] Failed while enforcing RequireUpperBoundDeps. The error(s) are [
04:21:03 [ERROR] Require upper bound dependencies error for org.apache.maven:maven-model:3.8.5 [provided] paths to dependency are:
04:21:03 [ERROR] +-com.canda.maven:mvnbase-maven-plugin:2020.9.1-19-beta-newest-properties-SNAPSHOT
04:21:03 [ERROR] +-org.apache.maven:maven-plugin-api:3.8.5 [provided]
04:21:03 [ERROR] +-org.apache.maven:maven-model:3.8.5 [provided]
04:21:03 [ERROR] and
04:21:03 [ERROR] +-com.canda.maven:mvnbase-maven-plugin:2020.9.1-19-beta-newest-properties-SNAPSHOT
04:21:03 [ERROR] +-org.apache.maven:maven-core:3.8.7 [provided]
04:21:03 [ERROR] +-org.apache.maven:maven-model:3.8.7 [provided]
04:21:03 [ERROR] and
04:21:03 [ERROR] +-com.canda.maven:mvnbase-maven-plugin:2020.9.1-19-beta-newest-properties-SNAPSHOT
04:21:03 [ERROR] +-org.apache.maven:maven-core:3.8.7 [provided]
04:21:03 [ERROR] +-org.apache.maven:maven-model-builder:3.8.7 [provided]
04:21:03 [ERROR] +-org.apache.maven:maven-model:3.8.7 [provided]
04:21:03 [ERROR] and
04:21:03 [ERROR] +-com.canda.maven:mvnbase-maven-plugin:2020.9.1-19-beta-newest-properties-SNAPSHOT
04:21:03 [ERROR] +-org.apache.maven:maven-core:3.8.7 [provided]
04:21:03 [ERROR] +-org.apache.maven:maven-resolver-provider:3.8.7 [provided]
04:21:03 [ERROR] +-org.apache.maven:maven-model:3.8.7 [provided] {code}
With 3.1.0 same pom.xml is fine:
{code:java}
12:44:31 [INFO] --- maven-enforcer-plugin:3.1.0:enforce (ci-snapshot-execution) @ mvnbase-maven-plugin ---
12:44:31 [INFO]
12:44:31 [INFO] --- maven-resources-plugin:2.7:resources (default-resources) @ mvnbase-maven-plugin --- {code}
My understanding was that provided dependency-tree should not be checked, correct?
> Enforcer 3.0.0 breaks with Maven 3.8.4
> --------------------------------------
>
> Key: MENFORCER-407
> URL: https://issues.apache.org/jira/browse/MENFORCER-407
> Project: Maven Enforcer Plugin
> Issue Type: Bug
> Components: Plugin
> Affects Versions: 3.0.0
> Reporter: David Pilato
> Assignee: Slawomir Jaranowski
> Priority: Major
> Fix For: 3.2.0, 3.2.1
>
> Attachments: enforcer-3.0.0.log, enforcer.3.0.0-M3.log
>
>
> Here is the situation. I'm trying to [upgrade enforcer from 3.0.0-M3 to 3.0.0|https://github.com/dadoonet/fscrawler/pull/1214].
>
> Everything worked well on my laptop with Maven 3.5.3. So I looked at the version used by Github actions and saw that it's using Maven 3.8.4.
> As soon as I upgraded my local version of Maven to 3.8.4, I started to hit the same exact issue. It seems to try to pull net.sf.ehcache:sizeof-agent:1.0.1.
> If I revert Enforcer to 3.0.0-M3 with Maven 3.8.4, I can run without any issue mvn enforcer:enforce.
> So I suspect that the combination of both upgrades is triggering something.
> I noted also that 3.0.0 now tries to enforce as well dependencies marked as provided. Might be the reason of this.
> I attached the full logs when running with 3.0.0 and 3.0.0-M3.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)